- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 20 Oct 2020 00:01:49 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 20 October 2020 07:02:03 UTC
I keep bringing this up whenever we discuss `document.domain` so I kinda feel like a broken record at this point, but disabling `document.domain` is not what you are after. Enabling Origin Isolation by default is. In particular, see the second bullet point at https://github.com/WICG/origin-isolation#origin-isolation-explainer which I think might also apply to some other features that are not as well specified (e.g., `GPUDevice` comes to mind although that requires cross-origin isolated too now, but I'm pretty sure there are other process-bound objects). Enforcing that on third parties via document policy seems reasonable to me, though I haven't thought too long about it. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/564#issuecomment-712639373
Received on Tuesday, 20 October 2020 07:02:03 UTC